CVE-2006-6360

PHP Upload Center 2.0 - Remote File Inclusion via activate.php footerpage Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6360. PoCs published by GregStar.

AI-analyzed exploit summary The writeup describes a Local/Remote File Inclusion vulnerability in PHP Upload Center v2.0, where the 'language' and 'footerpage' parameters in 'activate.php' can be manipulated to include arbitrary files. The vulnerable code is highlighted, and an example exploit URL is provided.

Description

PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GregStar · textwebappsphp

https://www.exploit-db.com/exploits/2886

View Code ZIP pw:eip

The writeup describes a Local/Remote File Inclusion vulnerability in PHP Upload Center v2.0, where the 'language' and 'footerpage' parameters in 'activate.php' can be manipulated to include arbitrary files. The vulnerable code is highlighted, and an example exploit URL is provided.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP Upload Center v2.0

No auth needed

Prerequisites: Access to the target application · Ability to send HTTP requests to the target

MITRE ATT&CK